Secure online gaming registration system with privacy controls

ABSTRACT

An online gaming registration system allows online gaming patrons to register once and use this registration to create online gaming accounts with gaming Web sites, thereby avoiding having to show proof of residency, age and other requirements set by regulatory entities multiple times. Residency rules and other requirements vary from one jurisdiction to another and the present invention addresses some of the issues that arise from this. An online gaming Web site receives a login from an online player over the Internet. The site determines that the player has an account with the online gaming site and that the account is linked to an online gaming registration system account. The online gaming site receives claims-based data relating to the online player and accepts the player as verified for online gaming at the gaming Web site.

PRIORITY CLAIM

This application is a divisional of, and claims priority to and thebenefit of U.S. patent application Ser. No. 13/475,681, which was filedon May 18, 2012, the entire contents of which are incorporated herein byreference.

BACKGROUND

1. Field of the Invention

The described embodiments relate generally to wager gaming systems andthe Internet. More particularly, they relate to registering onlinegamers in order to abide by local online gaming rules in a secure andtrusted manner while maintaining player privacy.

2. Description of the Related Art

Online wager gaming has recently been gaining acceptance from regulatorybodies and is becoming increasingly popular among players in manyjurisdictions around the world. It is inevitable that there will be awide variety of rules and regulations that will be enacted to ensurethat players are physically located within a given gaming jurisdiction.With land-based gaming regulations there are many similarities in therules, but also a significant number of differences. This will likelyalso be the case with online gambling rules in the variousjurisdictions; that is, there will probably by a lot in common, but alsoa wide variety of differences. Some jurisdictions may have online playerregistration requirements that simply require an online backgroundcheck. For example, in Europe some jurisdictions require that onlinegamblers provide a tax ID or credit card and have a basic onlinebackground check performed. Others may have stricter requirements. Forexample, an online player may have to prove that she is a resident ofthe jurisdiction by providing hard copies of original documents andphysically appearing at a registration venue or office. For example, shemay be required to physically go to a sheriff's office or a casino,provide an ID and even fund an online wagering account in person.

These disparate requirements for registration in different jurisdictionsmay make it difficult for online gamblers to register for each onlinegaming site separately. It would be desirable to have a system that canprocess and manage diverse registration requirements for online gaming.This would allow the game developer and casino operator to focus ongames and essentially outsource the registration requirement segment(potentially involving knowledge of many different rules andrequirements) to a third party. Furthermore, some of the game developersor casino operators may not have a physical site (i.e., a brick andmortar casino), yet some jurisdictions may require that players come toa physical casino and register. In these cases, the game developers(online gaming operators) can use the facilities of the third party as aregistration venue. Other possibilities include allowing registration ofprospective online players at a sheriff's office or other governmentaloffice. It would be desirable to have a system which is trusted byonline gaming providers within a jurisdiction to register players.

SUMMARY OF THE DESCRIBED EMBODIMENTS

One aspect of the present invention is a method of operating an onlinegaming Web site. The Web site receives or detects a login attempt froman online player over the Internet. The site determines that the playerhas an account with the online gaming site and that it is linked to anonline gaming registration system account. The online gaming sitereceives claims-based data relating to the online player and accepts theplayer as verified for online gaming at the gaming Web site. In thismanner, a player does not provide direct proof of residency in thejurisdiction of the online gaming Web site to enable online gaming andplay anonymously at the online site if desired.

Another aspect of the present invention is a method of registering anonline gaming patron with an online gaming registration system used bygaming Web sites. The patron sends proof that the patron lives within aspecific jurisdiction to the gaming registration system. This may bedone via the Internet or in person at a registration venue. Theregistration system determines that the patron physically resides in thespecific jurisdiction. A username and password are set for the patronfor use with the registration system. The registration system may thencreate a registration for the patron which can be used by gambling Websites. These sites trust the gaming registration system with respect toensuring that the patron is abiding by certain online gaming regulationsfor the specific jurisdiction.

Another aspect of the present invention is a method of registering a newplayer at an online gaming Web site (as opposed to an online gamblingregistration site). The online gaming site receives player data relatingto the new player, for example, from a gambling registration system. Anonline gaming account is created for the new player. The gaming Web sitereceives secure claims data relating to the new player from the onlinegambling registration system. The online gaming account is then linkedwith a gambling registration system account which was created previouslyby the new player at the online gambling registration site.

BRIEF DESCRIPTION OF THE DRAWINGS

The embodiments will be readily understood by the following detaileddescription in conjunction with the accompanying drawings, wherein likereference numerals designate like structural elements, and in which:

FIG. 1 is a flow diagram of a process of a prospective online playerregistering with a secure online gaming registration system inaccordance with one embodiment;

FIG. 2 is a flow diagram of processes that occur at the online gamblingsite in accordance with one embodiment;

FIG. 3 is a block diagram showing various components for secure onlineplayer registration as described in the flow diagrams above inaccordance with one embodiment; and

FIGS. 4A and 4B illustrate a computing device suitable for implementingspecific embodiments of the present invention.

DETAILED DESCRIPTION

Methods and systems for implementing an online gaming registrationsystem are described in the various figures. An increasing number ofjurisdictions, such as states, provinces, cities, and the like, aroundthe world are allowing its residents to gamble over the Internet. Anonline gaming site may have one or more physical, brick and mortaroffices within a specific jurisdiction. This may range from an office orroom with a server to a full-service casino. Alternatively, an onlinegaming site may not have any physical locations within a givenjurisdiction. One of the most prevalent requirements of operating anonline gaming site is that the individuals who use it to play wagergames must reside in the jurisdiction of the online site. Residencyrules and other requirements vary from one jurisdiction to another andthe present invention addresses some of the issues that arise from this.A simple example illustrates a typical scenario. If an online gamblingsite is based in Nevada (e.g., it is operated by a casino in Las Vegas),only residents of Nevada can gamble at that site over the Internet. Aplayer having residence in another state and is not a resident of Nevadais not allowed to login to the site and start gambling even if theplayer drives across state lines and accesses the site online whilephysically in Nevada. If she is not a resident of Nevada, she cannot usethe Web site for gambling. However, a Nevada resident can go to anotherstate and login to the site and gamble, even though she is notphysically in Nevada at the time. A player can be a resident of two ormore states; as long as one is Nevada, she can access the site and playonline In another example, some jurisdictions may not require actualresidency in a jurisdiction, but rather only that the online gambler bephysically present when gambling at an online site that is in the samejurisdiction that she is physically in. As such, the online gambler mayonly have to prove that he is using a computing device that isphysically within the jurisdiction in order to satisfy the online gamingrequirements. These are a few example scenarios. As online gaming grows,the number of possible scenarios will also grow.

Of course, there are other requirements that individuals must meet inorder to gamble online in addition to residency, such as being over acertain age. Other requirements may include having to maintain a certainamount of money in an online account used for placing bets. The presentinvention allows an individual player to register with an online playerregistration system within a jurisdiction once and then use thatregistration to create accounts and login to any number of online gamingWeb sites within that jurisdiction (or other allowed or partnerjurisdictions as allowed by regulations. An important feature is thatthe online gaming Web sites trust the registration system, therefore,once the individual registers with the system, as described below, theonline gaming sites can use that registration to satisfy their own loginand account creation requirements. Alternatively, each site may leveragethe registration system to automate the player registration process, butmay still require the player to create their own login credentialsunique to that site. In this manner, the individual does not have torepeatedly prove residency, age, and the like at each of the gaming Websites. She can simply rely on her single registration account at theonline player registration system which may serve one or morejurisdictions. The advantage to the online gaming Web sites is that theycan essentially outsource the online player registration requirementsestablished by regulators and lawmakers in their jurisdiction(presumably not their area of expertise) and, instead, focus on drivingthe best online gambling experience for their users.

As described below, the primary factor that allows for leveraging acentral player registration system within a jurisdiction is establishingtrust among the parties, particularly between the service provideroperating and maintaining the online player registration system and theonline gaming Web site operators. The regulators (e.g., a gaming controlboard) have to trust both the service provider and the integrity of itsregistration system and the operators of the online gaming Web sites. Asnoted above, these operators may be established brick-and-mortar(land-based) casinos that have had long relationships with theregulators or they may be start-ups or new businesses in thejurisdiction whose gambling operations are solely online In anotherembodiment, the regulatory body in a jurisdiction may also play the roleof the service provider and operate and maintain a registration system.In this scenario, there are essentially only two main parties, theregulator/service provider and the online gaming Web site operators.

In addition to the advantages enjoyed by online gamblers and operatorsnoted above, the online gaming registration system also enablesintegration with land-based player registration requirements. In somejurisdictions, patrons at a casino must be registered with the casinobefore they can gamble there (e.g., they have to present a registrationcard before they can enter the casino floor). The gaming registrationsystem of the present invention can be used by gaming operators tomanage and implement any land-based player registration requirements,essentially allowing the casinos to outsource this aspect of theiroperations to a trusted third-party provider. Alternatively, thecasino's existing player registration systems may be integrated with thegaming registration system to offer a seamless online and land playerregistration process. Another advantage is that the system facilitatesinspection or approval of online gaming registration in a jurisdictionsince each online gambler's registration is consistently formatted,stored in a central repository, and easily made accessible to theregulator by the service provider. Other advantages include providing acentralized storage for player preferences, which may includeresponsible gaming preferences for individual gamblers. As will beevident the registration system provides a streamlined online playerregistration process which online gaming Web sites within a gamingjurisdiction can take advantage of.

The online gaming registration system also minimizes revealing personalinformation or, more specifically, information that can be used toidentify an individual, to the online gaming sites. This enables a wayfor the online player to provide all the personal information necessaryto meet the online gaming regulations, but still maintain a certaindegree of anonymity in the eyes of the online gaming site operator. Theoperator trusts the online registration system service provider and sothe operator is told that the online player meets all the requirementsfor online gaming in that jurisdiction and that may be the onlyinformation the online site needs to know. The service provider may haveor require more information about the online player, but it is possibleto keep some or most of the personally identifying information about thegambler from the online gaming site operator, thereby supportinganonymous play. This ability to play with some degree of anonymity isvery important to a key group of gamblers. The amount of informationthat can be kept from the operator can be set based on playerpreferences.

FIG. 1 is a flow diagram of a process of an online player registeringwith a secure online gaming registration system in accordance with oneembodiment. The registration system may be operated and managed by agaming equipment manufacturer, such as IGT, Inc. of Reno, Nev., referredto herein as “service provider,” which offers the player registrationservice to multiple gaming operators within a given jurisdiction. It mayalso be operated by a governmental agency, such as a gaming controlboard. It may also be operated by a casino to handle that casino'sonline gambling requirements and offered as a service to other casinosand gaming operators in the jurisdiction (in this scenario the casino isthe service provider). For the purposes of illustrating one embodiment,the service provider has a venue or physical location where anindividual can go to register with the system. As noted, this may be acasino or a service provider office. It may also be a law enforcementagency, such as a police station or sheriff's office. In somejurisdictions it may be a gaming regulator's office or premises. Inother embodiments, a physical venue may not be required and theregistration process can be done online However, for the describedembodiments, it is assumed that an individual goes to a physical venueto begin the registration process.

At step 102 a prospective online player shows proof of residency to aservice provider at a particular venue. The gambler may also have toshow proof of age and other personal information and may be required todeposit money into an account or online wallet, described below. In oneembodiment, an online player may show residency by appearing in personat a registration site or venue and showing a driver license. In otherembodiments, the person may have to show multiple documents showingresidency, such as a utility bill or similar document. Regulations mayrequire that the gambler physically appear before the registrationentity and present original documents. In other embodiments, theregulations may not be as stringent and a prospective player may be ableto show residency by presenting a driver license number or a credit cardnumber to the service provider by entering it online. The serviceprovider can then use the number to determine an address of the gamblerand accept that as a residence address. In other embodiments, theregistration entity can use the driver license number to check the DMVor other appropriate government agency to see what the person's currentaddress is. In yet other embodiments, the registration entity can usethe IP address of the computer that the person is using to register andobtain a geographic location of the computer. Although this would notprovide residency information, it may be used as one data point in theoverall decision-making process of whether to register a prospectiveplayer. The various embodiments for determining residency, age, andother requirements can vary widely depending on the regulations of thegaming jurisdiction. The relevant point being that the system andprocesses of the present invention are able to manage and implementframeworks for the wide range of requirements, so that the online gamingoperators do not have to and that the system minimizes the number oftimes the online player has to register within a jurisdiction withstrict registration requirements.

Once the prospective player has shown proof of residency at step 102,the secure online registration system checks to see if the personalready exists in the database. In one embodiment, the system does notallow for multiple accounts for the same person in the samejurisdiction. In another embodiment, the same person cannot have morethan one resident address across multiple gaming jurisdictions. In otherembodiments, the same person may have more than one resident address,but not within the same gaming jurisdiction. However, generally, anindividual can only have one account (one residency address) in thesystem. This is checked at step 104. If the person already has anaccount or registration, then the process is over and the person iseither told by the service provider that he already has a registrationor is informed online at step 102 (this will depend on regulations inthe gaming jurisdiction).

If the person does not have a registration, control goes to step 106where he can set a user name and password for his new registration. Inother embodiments, the registration entity assigns an initial user nameand password and the individual can later change them. The online playerwill use this user name and password later whenever he needs to verifyhis residency at an online gaming site, as described below. At step 108the online player is registered with the registration. This may normallyinvolve creating a record which has his residency information, his birthdate, aliases, privacy settings, preferences, responsible gamingparameters, online “wallet” data, such as amount deposited, minimumbalance, and the like. In one embodiment, privacy settings determinewhat information about the online player is disclosed by theregistration system to one or more online gambling sites. An onlineplayer can elect to make every setting visible or may restrict access topersonally identifiable information, in which case the online site willonly know the player by a unique ID. In another example, the player maybe known by a unique random ID each time they play at an online casinoin order to offer the highest level of anonymity. As described below,some of this information may be used to create, in one embodiment, aclaims-based token associated with the online player. At this stage theprocess of creating a registration for the online player is complete.

FIG. 2 is a flow diagram of processes that occur at the online gamingsite in accordance with one embodiment. It assumes that the onlineplayer has already registered with the secure registration system andhas proved residency, age, and other information. At step 202 the onlineplayer goes to a gambling Web site. If she does not have an account withthe site, she starts to create one at step 204. It is anticipated thatthe usual method for a player to interact with both the online gamingsite and the secure online registration Web site is through a Webbrowser, although other presentation technologies may be used, includingnative smart phone applications, tablet applications, or applicationsrunning in dynamic windows displayed on the gaming machine, such as aService Window available on gaming machines supplied by IGT.

At step 206, the gambling Web site initiates a process of linking thegambling Web site account (started at step 204) with the secure onlineregistration account created in FIG. 1. It is in this manner, throughthe linking process, that the gaming Web site verifies data of theonline player, specifically the player's residency and age. The linkingof the two accounts satisfies the jurisdictional gaming regulationsbecause of the trust that exists between the two entities.

At step 208 the browser redirects the online player to the secure onlineregistration Web site. This is done using known techniques in the art.Once the browser has been re-directed to the registration site, at step210 the online player enters his user name and password (initiallyassigned at step 106). By successfully logging into the registrationsystem Web site, the online player has taken the first step in provinghis residency to the gaming Web site. Once the online player has loggedinto the registration system, in one embodiment, the system creates aclaims-based token. In another embodiment, it may create a security oraccess token. Before describing a token and sample implementations, itis important to note that the security model of the online registrationsystem of the present invention is a critical aspect in gaining thetrust of all the entities involved. This high degree of trust can beobtained through one or more methodologies. One is the use of Public KeyInfrastructure (PM) and through the use of a claims-based identitysystem. Another methodology, that may be more practical to implement insome configurations, is to use treat the token as a security token andallow the online gaming site access to player preferences using an APItogether with the token. In this embodiment, the token is effectively anaccess token.

At step 212 the online registration system creates the claims-basedtoken. In one embodiment, this token may be based on a commonclaims-based identity protocol, such as SAMLv2, OAuth or otherappropriate protocols, or it may be an access token that is leveraged bythe online gaming site to gain access to use an API to read informationabout the player. In the embodiment of a claims-based token, the tokenis created using data in the gambler's registration account, which mayinclude gaming preferences, personal information, responsible gamingparameters, account information, and so on. As noted, this same datacould also be accessed using an API and an access token if aclaims-based token is not used. The idea is that the claims-based token,or API returning data about the player, uniquely identifies the onlineplayer and when received by the online gaming site, either directlyconfirms his residency, age, and other requirements, or allows theonline site to access that information through an API. The token may becreated using one of various protocols and, as such, may use techniquesknown in the art. As noted, the token may contain a significant amountof personal and confidential information about the online player whichmust be transmitted securely and kept confidential by the gaming Website, as discussed below.

In one embodiment, a claims-based token, or an API called by the onlinegambling web site using an access token obtained after the playerauthenticates, returns the following information: whether a player isjurisdictionally verified using residency and age requirements for thejurisdiction; age; legal name; birthdate; responsible gaming parameters;wallet/source of funds information; and miscellaneous personalinformation required per jurisdiction or for business functionality.

At step 214 the online player completes authentication at theregistration Web site at which point one or more security provisions areimplemented. In one embodiment, the token is digitally signed by theservice provider at the registration site before it is transmitted. Theservice provider can sign the token using a private key of the serviceprovider. In another embodiment, the token may be signed using a secretkey if the registration site and the gambling site are using a sharedsecret. As known in the art, this signature is used to ensure that thetoken has not been tampered with during transmission and that the tokenreceived at the gambling Web site is in fact a token sent by theregistration site, as described in step 218.

Another level of security involves maintaining the confidentiality ofthe actual data in a claims-based token. In one embodiment, the onlinegaming site has its own public/private key pair. This is useful if theplayer authenticates herself to the registration system using aclaims-based token mechanism or authentication protocol. Theseprotocols, such as SAMLv2 and OpenID, use the player's (end-user's)browser as the mechanism to pass data between two systems, in this casethe registration system site and the gaming site. If the registrationsystem returns, for example, a SAML token describing a player's accountto the Web browser, it is then included in an HTTP POST or GET sent tothe gaming site by the gambler's browser. At this point, the informationin the SAML token is available on the gambler's browser and could bedisclosed to viruses, malware, or passed to unauthorized third-parties.This vulnerability can be avoided if the registration system siteencrypts sensitive data in the SAML token using the gaming Web site'spublic key. Other security models may also be implemented depending onbusiness and jurisdictional needs, such as including claims signed byregulators or state agencies indicating that a gambler registration wasapproved by regulators.

At step 216 the secure online registration site transmits a messageindicating that the player authentication is complete and also transmitsthe encrypted and digitally signed token to the gaming Web site. Inother embodiments, only the token is transmitted and the transmissionimplies that the gambler authentication was successful. At step 218 thetoken is received at the gaming Web site. There the signature of thetoken is verified by ensuring that it was signed by the private key ofthe registration site (again, which the gambling site trusts) using thesite's public key (or secret key if using a shared secret). Once that isdone, the gambling site decrypts the information in the claims-basedtoken that was encrypted at the registration site. This may be all ofthe information or some of it.

At step 220 any remaining operations that may be needed are taken tocomplete the linking of the online gaming account with the registrationaccount. In some cases, after the verifying and decrypting described instep 218, the linking process is complete. Now that the linking iscomplete and the player's residency, age, and other requirements havebeen met to the satisfaction of the gaming Web site, the site can nowproceed with dealing directly with the online player. That is, theonline gaming site accepts the player as verified to play in thatjurisdiction. At step 222 the site determines whether to enable gameplay on the site by the online player based on various factors, such asresponsible gaming parameters (including self-exclusion), amount andsource of funds, and the like. In another embodiment, it may establish alocal account linking the properties obtained from the registrationsystem. In most typical cases, the site will simply enable immediategame play for the online player.

FIG. 3 is a block diagram showing various components for secure onlineplayer registration as described in the flow diagrams above inaccordance with one embodiment. Many have been described above withrespect to the processes. Two primary systems or entities in FIG. 3 arethe secure online registration system/site 302. As noted above, this maybe operated by a third-party service provider, such as IGT, Inc. ofReno, Nev. Registration system 302 is in communication with numerousonline gaming Web sites 304 a-304 n. As described in detail above, theaccount linking process occurs between these two entities. Registrationsystem 302 can have a high volume of communications between it andnumerous gaming Web sites where each site can have hundreds of onlinegamblers attempting to login to their accounts or are creating newaccounts. These operations require at least some two-way communicationbetween the sites. In some cases this communication and any ancillaryverification may be extensive (relatively “thick”) depending on thejurisdictional requirements.

Another important party or entity in FIG. 3 is regulator 306, such as agaming commission or gaming control board. In one embodiment, thisentity is in communication with the registration system. It will likelyplay a role in approving registrations and may also assume a monitoringfunction as well. The degree of involvement of regulator 306 in theoperations of registration system 302 may depend on how strict theonline gaming regulations are in the jurisdiction and, equallyimportant, the level of trust between regulator 306 and registrationsystem 302. As noted above, in one embodiment, the regulator may also bethe service provider managing the registration system. The regulator mayalso provide information to the service provider and online gaming sitesabout players who are blacklisted, prevented from engaging in onlinegambling due to potential cheating online or in land-based casinos, orotherwise involved in criminal activity that regulators view as removingthe privilege of online gambling for that player. This is importantgiven that if each casino has its own registration system, then it willbe difficult for regulators to have sufficient control to preventingindividuals who are known cheaters or criminals from online gambling.

It is generally expected that in order for the overall system tofunction efficiently and to the benefit of all parties, the parties musthave trustful relationships among them. The trust among registrationsystem 302, gaming sites 304 a-n, and regulator 306 may be referred toas a circle of trust. Although there is no direct connection (line) fromregulator 306 to the gaming Web sites 304, there is still a trustrelationship between the two. Regulator 306 must trust that the gamingWeb sites are taking appropriate steps to verify and authenticate itsonline gamblers, which they are doing by utilizing services of thesecure, online registration system which is trusted (and in some casesmonitored, spot checked, approved etc.) by the regulators.

The other entity involved in the process, as described initially in FIG.1, is a registration venue 308. There may be multiple venues in ajurisdiction (for illustrative purposes, only one is shown).Registration venue 308 may be a land-based registration office, such asa sheriff's office, a land-based casino (which has an online gamblingsite), a gaming commission office, or service provider office (i.e., theentity providing registration system 302).

When first signing up with the registration system, the gambler mayfirst be required to appear in person with proof of residency, age, andmay be required to fund online accounts. This may all be done at venueregistration 308. In one embodiment, it only has a need to communicatewith registration system 302. Also shown is online wallet funding system310 which in some embodiments may be utilized by registration system 302and gaming sites 304. It enables managing accounts and funds for onlinegamblers and may be useful in ensuring that minimum balances aremaintained (and, if not, that online gambling is blocked), parameterssetting daily (or weekly/monthly/etc.) wagering amounts are notexceeded, and the like. In general, registration system 302 and theonline gaming sites may effectively outsource most of the onlineaccounting and funding aspects of the system to wallet system 310 andrely on it to maintain online gamblers' accounts. In other embodimentsor with the more sophisticated online gaming sites (e.g., thoseconnected to an experienced land-based casino), outsourcing of thisresponsibility may not be needed given that they may already have highlyreliable accounting systems in place.

Registration system 302 may be used in other ways as well. Some havebeen mentioned or alluded to above, such as storing various patronpreferences, including responsible gaming preferences, references to anaccount in central wallet funding system 310, among others. Although theregistration system is well-suited for jurisdictions that requireplayers to register with the state or provincial government, it is alsofunctional for states and other jurisdictions that only require playersto first register and fund accounts at land-based casinos. For example,if Nevada had such requirements, players may normally be restricted togamble at online casinos that they have been able to register with attheir land-based counterparts, which may make it difficult for onlineplayers to easily move from one online gaming site to another. Theregistration system of the present invention may allow land/onlinecasino operators to create registration consortiums or groups thatprovide online gamblers access to a larger number of online gaming sitesonce the player registers with any land-based casino that is in theconsortium. This may be especially useful for smaller, locally basedcasinos in establishing an online presence by cooperating with othercasinos of similar size.

Another possible use is to restrict the release of information that canpersonally identify an online player. As noted above, some gamblers wantto remain anonymous. Presently, in some land-based casinos, around 40%of the gamblers are not members of a loyalty or reward program. Theseplayers consciously chose to forgo earning points and rewards on theirplay in order to remain anonymous. In this configuration, the playerregisters with the registration system using the process required by thejurisdiction. When the player goes to the online gaming site in the samejurisdiction, the player logs into the site using his previouslyestablished online registration system account (created in FIG. 1) andthrough a user interface on the registration site, instructs the systemto not reveal any personally identifying information to the onlinegaming site. When the player login is complete at the gaming site, thesite will only see the player as a unique number, such as a GUID (whichmay uniquely identify the player for the session or for all time). Thetoken may also contain information describing whether the player isregistered in the jurisdiction and other data as described extensivelyabove. This allows a player to gamble online on numerous gaming Websites, but only require the player to reveal personally identifyinginformation to the secure, online registration system.

FIGS. 4A and 4B illustrate a computing device 400, such as a personalcomputer, a server computer, or a tablet device, suitable forimplementing specific embodiments of the present invention. FIG. 4Ashows one possible physical implementation of a computing system. In oneembodiment, system 400 includes a display 404. It may also have akeyboard 410 that is shown on display 404 or may be a physical componentthat is part of the device housing. It may have various ports such asHDMI, DVI, or USB ports (not shown). Computer-readable media that may becoupled to device 400 may include USB memory devices and various typesof memory chips, sticks, and cards.

FIG. 4B is an example of a block diagram for computing system 400.Attached to system bus 420 is a variety of subsystems. Processor(s) 422are coupled to storage devices including memory 424. Memory 424 mayinclude random access memory (RAM) and read-only memory (ROM). As iswell known in the art, ROM acts to transfer data and instructionsuni-directionally to the CPU and RAM is used typically to transfer dataand instructions in a bi-directional manner Both of these types ofmemories may include any suitable of the computer-readable mediadescribed below. A fixed disk 426 is also coupled bi-directionally toprocessor 422; it provides additional data storage capacity and may alsoinclude any of the computer-readable media described below. Fixed disk426 may be used to store programs, data and the like and is typically asecondary storage medium that is slower than primary storage. It will beappreciated that the information retained within fixed disk 426, may, inappropriate cases, be incorporated in standard fashion as virtual memoryin memory 424.

Processor 422 is also coupled to a variety of input/output devices suchas display 404 and network interface 440. In general, an input/outputdevice may be any of: video displays, keyboards, microphones,touch-sensitive displays, tablets, styluses, voice or handwritingrecognizers, biometrics readers, or other devices. Processor 422optionally may be coupled to another computer or telecommunicationsnetwork using network interface 440. With such a network interface, itis contemplated that the CPU might receive information from the network,or might output information to the network in the course of performingthe above-described method steps. Furthermore, method embodiments of thepresent invention may execute solely upon processor 422 or may executeover a network such as the Internet in conjunction with a remoteprocessor that shares a portion of the processing.

In addition, embodiments of the present invention further relate tocomputer storage products with a computer-readable medium that havecomputer code thereon for performing various computer-implementedoperations. The media and computer code may be those specially designedand constructed for the purposes of the present invention, or they maybe of the kind well known and available to those having skill in thecomputer software arts. Examples of computer-readable media include, butare not limited to: magnetic media such as hard disks, floppy disks, andmagnetic tape; optical media such as CD-ROMs and holographic devices;magneto-optical media such as floptical disks; and hardware devices thatare specially configured to store and execute program code, such asapplication-specific integrated circuits (ASICs), programmable logicdevices (PLDs) and ROM and RAM devices. Examples of computer codeinclude machine code, such as produced by a compiler, and filescontaining higher-level code that are executed by a computer using aninterpreter.

The foregoing description, for purposes of explanation, used specificnomenclature to provide a thorough understanding of the invention.However, it will be apparent to one skilled in the art that the specificdetails are not required in order to practice the invention. Thus, theforegoing descriptions of specific embodiments of the present inventionare presented for purposes of illustration and description. They are notintended to be exhaustive or to limit the invention to the precise formsdisclosed. It will be apparent to one of ordinary skill in the art thatmany modifications and variations are possible in view of the aboveteachings.

The embodiments were chosen and described in order to best explain theprinciples of the invention and its practical applications, to therebyenable others skilled in the art to best utilize the invention andvarious embodiments with various modifications as are suited to theparticular use contemplated. It is intended that the scope of theinvention be defined by the following claims and their equivalents.

While the embodiments have been described in terms of several particularembodiments, there are alterations, permutations, and equivalents, whichfall within the scope of these general concepts. It should also be notedthat there are many alternative ways of implementing the methods andapparatuses of the present embodiments. It is therefore intended thatthe following appended claims be interpreted as including all suchalterations, permutations, and equivalents as fall within the truespirit and scope of the described embodiments.

The invention is claimed as follows:
 1. A method of registering a newplayer at an online gaming Web site, the method comprising: receivingplayer data relating to the new player; creating an online gamingaccount for the new player; receiving secure claims data relating to thenew player from a third-party gambler registration site; confirming thatthe new player is authorized to access the online gaming Web site basedon the secure claims data, wherein the secure claims data uniquelyidentifies the new player and includes encrypted information associatedwith the new player that was previously provided by the new playerthrough the third-party gambler registration site; linking the onlinegaming account with a third-party gambler registration account, thethird-party gambler registration account created previously by the newplayer through the third-party gambler registration site; and updatingthe online gaming account based on the encrypted information included inthe secure claims data.
 2. The method of claim 1, wherein receivingsecure claims data relating to the new player further comprisesreceiving a claims-based identity token from the third-party gamblerregistration site.
 3. The method of claim 1, further comprising:receiving an access token from the third-party gambler registrationsite; and utilizing the access token to call an API.
 4. The method ofclaim 3, further comprising verifying a signature of the access token toensure that the access token is from the third-party gamblerregistration site.
 5. The method of claim 1, further comprisingredirecting the new player to the third-party gambler registration siteand receiving an authentication-complete message from the third-partygambler registration site.
 6. The method of claim 1, wherein linking theonline gaming account with the third-party gambler registration accountfurther comprises showing proof of residency in a specific jurisdiction.7. The method of claim 1, further comprising accepting the new player asverified to begin immediate game play through the online gaming Website.
 8. A system for registering a new player at an online gaming Website, the system comprising: a network interface; at least oneprocessor; and at least one memory device that stores instructions that,when executed by the at least one processor, cause the at least oneprocessor to operate with the network interface to: receive player datarelating to the new player; create an online gaming account for the newplayer; receive secure claims data relating to the new player from athird-party gambler registration site; confirm that the new player isauthorized to access the online gaming Web site based on the secureclaims data, wherein the secure claims data uniquely identifies the newplayer and includes encrypted information associated with the new playerthat was previously provided by the new player through the third-partygambler registration site; link the online gaming account with athird-party gambler registration account, the third-party gamblerregistration account created previously by the new player through thethird-party gambler registration site; and update the online gamingaccount based on the encrypted information included in the secure claimsdata.
 9. The system of claim 8, wherein the secure claims data relatingto the new player includes a claims-based identity token.
 10. The systemof claim 8, wherein the instructions, when executed by the at least oneprocessor, cause the at least one processor to operate with the networkinterface to: receive an access token from the third-party gamblerregistration site; and utilize the access token to call an API.
 11. Thesystem of claim 10, wherein the instructions, when executed by the atleast one processor, cause the at least one processor to verify asignature of the access token to ensure that the access token is fromthe third-party gambler registration site.
 12. The system of claim 8,wherein the instructions, when executed by the at least one processor,cause the at least one processor to operate with the network interfaceto redirect the new player to the third-party gambler registration siteand receive an authentication-complete message from the third-partygambler registration site.
 13. The system of claim 8, wherein theinstructions, when executed by the at least one processor, cause the atleast one processor to link the online gaming account with thethird-party gambler registration account by showing proof of residencyin a specific jurisdiction.
 14. The system of claim 8, wherein theinstructions, when executed by the at least one processor, cause the atleast one processor to accept the new player as verified to beginimmediate game play through the online gaming Web site.
 15. Anon-transitory computer readable medium that stores instructions that,when executed by at least one processor, cause the at least oneprocessor to operate with a network interface to: receive player datarelating to a new player; create an online gaming account for the newplayer; receive secure claims data relating to the new player from athird-party gambler registration site; confirm that the new player isauthorized to access the online gaming Web site based on the secureclaims data, wherein the secure claims data uniquely identifies the newplayer and includes encrypted information associated with the new playerthat was previously provided by the new player through the third-partygambler registration site; link the online gaming account with athird-party gambler registration account, the third-party gamblerregistration account created previously by the new player through thethird-party gambler registration site; and update the online gamingaccount based on the encrypted information included in the secure claimsdata.
 16. The non-transitory computer readable medium of claim 15,wherein the secure claims data relating to the new player includes aclaims-based identity token.
 17. The non-transitory computer readablemedium of claim 15, wherein the instructions, when executed by the atleast one processor, cause the at least one processor to operate withthe network interface to: receive an access token from the third-partygambler registration site; and utilize the access token to call an API.18. The non-transitory computer readable medium of claim 17, wherein theinstructions, when executed by the at least one processor, cause the atleast one processor to verify a signature of the access token to ensurethat the access token is from the third-party gambler registration site.19. The non-transitory computer readable medium of claim 15, wherein theinstructions, when executed by the at least one processor, cause the atleast one processor to operate with the network interface to redirectthe new player to the third-party gambler registration site and receivean authentication-complete message from the third-party gamblerregistration site.
 20. The non-transitory computer readable medium ofclaim 15, wherein the instructions, when executed by the at least oneprocessor, cause the at least one processor to link the online gamingaccount with a third-party gambler registration account by showing proofof residency in a specific jurisdiction.
 21. The non-transitory computerreadable medium of claim 15, wherein the instructions, when executed bythe at least one processor, cause the at least one processor to acceptthe new player as verified to begin immediate game play through theonline gaming Web site.
 22. The method of claim 1, wherein the encryptedinformation included in the secure claims data includes at least one of:whether the new player is jurisdictionally verified based on residencyrequirements and age requirements of a jurisdiction associated with theonline gaming Web site, age information of the new player, legal nameinformation of the new player, birthdate information of the new player,responsible gaming parameters of the new player, and source of fundsinformation of the new player.
 23. The system of claim 8, wherein theencrypted information included in the secure claims data includes atleast one of: whether the new player is jurisdictionally verified basedon residency requirements and age requirements of a jurisdictionassociated with the online gaming Web site, age information of the newplayer, legal name information of the new player, birthdate informationof the new player, responsible gaming parameters of the new player, andsource of funds information of the new player.
 24. The non-transitorycomputer readable medium of claim 15, wherein the encrypted informationincluded in the secure claims data includes at least one of: whether thenew player is jurisdictionally verified based on residency requirementsand age requirements of a jurisdiction associated with the online gamingWeb site, age information of the new player, legal name information ofthe new player, birthdate information of the new player, responsiblegaming parameters of the new player, and source of funds information ofthe new player.